package com.example.demo.config;

import javax.annotation.Resource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
public class BrowerSecurityConfig extends WebSecurityConfigurerAdapter {

	@Resource
	private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
	@Resource
	private AuthenticationFailureHandler myAuthenticationFailureHandler;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin()
				// .loginPage("/login.jsp").usernameParameter("username").passwordParameter("password")
				// .defaultSuccessUrl("/hello").loginProcessingUrl("/login")
		        .successHandler(myAuthenticationSuccessHandler) // 认证成功回调
																															// 一般不设置
				.failureHandler(myAuthenticationFailureHandler) // 认证失败的回调
				.and().authorizeRequests()
				// .antMatchers("/logout").permitAll()
				.antMatchers("/img/**").permitAll().antMatchers("/js/**").permitAll().antMatchers("/css/**").permitAll()
				.antMatchers("/bootstrap/**").permitAll().antMatchers("/fonts/**").permitAll()
				.antMatchers("/favicon.ico").permitAll().antMatchers("/login.jsp").permitAll().antMatchers("/login")
				.permitAll().anyRequest().authenticated().and();
		// .csrf().disable();
	}

	/**
	 * 注入一个密码验证器，可以自己实现，这里使用默认的
	 * 
	 * @return
	 */
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

}